Re: [exim] How to use DKIM with Ed25519 - Dual DKIM signing

Author: Simon Josefsson
Date:  
To: Evgeniy Berdnikov via Exim-users
CC: Evgeniy Berdnikov
Subject: Re: [exim] How to use DKIM with Ed25519 - Dual DKIM signing
Evgeniy Berdnikov via Exim-users <exim-users@???> writes:

> On Thu, Oct 14, 2021 at 05:50:23PM +0300, Odhiambo Washington via Exim-users wrote:
>> On Thu, Oct 14, 2021 at 4:25 PM Evgeniy Berdnikov via Exim-users <
>> exim-users@???> wrote:
>> > |  dkim_selector        Use: smtp       Type: string list†      Default: unset
>> > |
>> > |  This sets the key selector string. After expansion, which can use
>> > |  $dkim_domain, this can be a list. Each element in turn is put in the
>> > |  expansion variable $dkim_selector which may be used in the
>> > |  dkim_private_key option along with $dkim_domain.

>> >
>> > Does the assignment dkim_selector="key1:key2" work?
>> >
>>
>> I don't think that would work, because I have to then match a selector to a
>> key.
>
> The last sentence in the cited paragraph explains how this match works.
> Read it again carefully. Description of dkim_private_key repeats it:
>
> |  dkim_private_key     Use: smtp     Type: string†     Default: unset
> |
> |  This sets the private key to use. You can use the $dkim_domain and
> |  $dkim_selector expansion variables to determine the private key to use.


Indeed, but getting it to work took a while for me too. I'm now using
the following (Debian-esque config but you should see how it works):

DKIM_CANON = relaxed
DKIM_SELECTOR = ed2110 : rsa2110
DKIM_DOMAIN = ${sender_address_domain}
DKIM_PRIVATE_KEY = ${lookup {${sender_address_domain}} \
        dsearch,ret=full {/etc/exim4/dkim} \
        {$value/privkey-$dkim_selector.pem} {false}}
DKIM_TIMESTAMPS = 1209600


/Simon
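
An added example, not part of the original message or of Exim: in the lookup above, dsearch only confirms that a directory for the sender domain exists, so a missing or wrong-type privkey-<selector>.pem for one of the two selectors is not caught by the expansion itself. This Python script audits that directory layout; the rule that a selector's "ed"/"rsa" prefix names its algorithm and the example.org test tree are assumptions.

```python
import base64, stat, tempfile
from pathlib import Path

# DER-encoded algorithm OIDs as they appear near the start of a PKCS#8 key
OIDS = {"ed25519": bytes.fromhex("06032b6570"),
        "rsa": bytes.fromhex("06092a864886f70d010101")}

def key_algorithm(pem):
    """Return 'ed25519', 'rsa' or None for the text of a PEM private key."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN"):
        return None
    if "RSA PRIVATE KEY" in lines[0]:        # traditional PKCS#1 header
        return "rsa"
    try:
        head = base64.b64decode("".join(lines[1:-1]), validate=True)[:32]
    except ValueError:
        return None
    return next((a for a, oid in OIDS.items() if oid in head), None)

def audit(base, selectors):
    """Yield (domain, selector, finding) for every problem under base."""
    for dom in sorted(p for p in Path(base).iterdir() if p.is_dir()):
        for sel in selectors:
            key = dom / f"privkey-{sel}.pem"
            if not key.is_file():
                yield dom.name, sel, "missing key file"
                continue
            if key.stat().st_mode & stat.S_IROTH:
                yield dom.name, sel, "world-readable"
            # Assumption: the selector prefix names the algorithm (ed*/rsa*)
            want = "ed25519" if sel.startswith("ed") else "rsa"
            if key_algorithm(key.read_text()) != want:
                yield dom.name, sel, f"not a {want} key"

def demo():
    """Audit a constructed tree: one domain with only an Ed25519 key."""
    der = bytes.fromhex("302e020100300506032b657004220420") + bytes(range(32))
    pem = ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(der).decode()
           + "\n-----END PRIVATE KEY-----\n")       # constructed test key
    with tempfile.TemporaryDirectory() as base:
        d = Path(base, "example.org"); d.mkdir()
        k = d / "privkey-ed2110.pem"; k.write_text(pem); k.chmod(0o640)
        return list(audit(base, ["ed2110", "rsa2110"]))

if __name__ == "__main__":
    print(demo())
```

On the mail host, call audit("/etc/exim4/dkim", ["ed2110", "rsa2110"]) to check the real tree.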